TL;DR
- Hackers exploited Bitcoin’s OP_RETURN feature to send an on-chain phishing message to the Mt. Gox wallet holding 79,956 BTC, baiting owners to a fake Salomon Brothers site.
- The bogus legal notice on-chain lured dormant wallet holders to surrender credentials and personal documents, risking access to the massive Bitcoin stash.
- This sophisticated attack turns blockchain transparency into a phishing vector and underscores rising threats; dormant-coin custodians must remain hyper-vigilant as protocol features evolve.
A bold team of cybercriminals has transformed the Bitcoin ledger into a battlefield, initiating a phishing attack on one of the most well-known inactive wallets in cryptocurrency history. By exploiting Bitcoin’s OP_RETURN feature, hackers sent an on-chain transaction to address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF, home to exactly 79,956 BTC, or roughly $8.7 billion.
Embedded in this transaction was a bait message directing the address’s owner to a bogus Salomon Brothers website, claiming custodial rights over the seemingly “abandoned” wallet.
There appears to be an ongoing Bitcoin scam occurring. Someone is sending old 2011 era Bitcoin addresses with balances, transactions with an OP_Return output. For instance the 1Feex… address, with c80,000 BTC stolen from MtGox. The OP_Return message is as follows
“NOTICE TO… pic.twitter.com/lAT5ONPD4f
— BitMEX Research (@BitMEXResearch) July 8, 2025
OP_RETURN Exploit Baits Wallet Owners
OP_RETURN traditionally allows small data to be stored immutably on Bitcoin’s blockchain, but it has now morphed into a phishing vector. The attackers crafted a message that reads like a legal notice, urging anyone connected to the Mt. Gox-stolen coins to verify ownership.
Unsuspecting holders tricked into visiting the fake site would be prompted to hand over sensitive login credentials and personal documents, information that could grant full access to the immense stash of coins.
Legacy Mt. Gox Funds in the Crosshairs
In 2014, the collapse of Tokyo’s Mt. Gox exchange resulted in the disappearance of 850,000 BTC, leading to creditor claims and a loss of trust. While authorities managed to recover 140,000 BTC for restitution, the lion’s share remains frozen in wallets untouched for over a decade. BitMEX Research and other on-chain analysts have flagged this as just the latest in a string of scams aimed at legacy addresses, underscoring how these “frozen fortunes” continue to attract predators hungry for a payday.
Evolving Threats in Crypto Security
This incident highlights the fast-evolving landscape of crypto threats, where attackers blend protocol features with social engineering. Embedding URLs in transactions turns blockchain transparency against its users, creating phishing lures that resist censorship.
As Bitcoin Core prepares to lift OP_RETURN size limits in an upcoming upgrade, security experts warn that scammers will gain even more room for nefarious payloads. Wallet owners holding dormant balances must remain hyper-vigilant, any unsolicited on-chain message could mask a sophisticated trap.
